Unless the law mandates it and provides harsh penalties. Health care and financial companies, to name two industries, spend billions every year on security and privacy.
Spending billions != importance, especially if as you state it's mandated by law any way.
I wouldn't disagree with you though in regards to a large proportion of companies in those two areas. I however was specifically speaking of the other industries, the majority of which still see IT as an unnecessary expense and anything more than "new password every 30 days" as an inconvenience.
I wouldn't disagree with you though in regards to a large proportion of companies in those two areas. I however was specifically speaking of the other industries, the majority of which still see IT as an unnecessary expense and anything more than "new password every 30 days" as an inconvenience.